**Social Networking When may you be subject to criminal, disciplinary, and/or administrative action due to online misconduct? (Sensitive Information) What certificates are contained on the Common Access Card (CAC)? February 8, 2022. Linda encrypts all of the sensitive data on her government issued mobile devices. Which of the following is NOT a good way to protect your identity? Use only personal contact information when establishing personal social networking accounts, never use Government contact information. Correct. DOD Cyber Awareness 2021 (DOD. Since the URL does not start with https, do not provide your credit card information. Any time you participate in or condone misconduct, whether offline or online. (Home computer) Which of the following is best practice for securing your home computer? Many apps and smart devices collect and share your personal information and contribute to your online identity. Follow instructions given only by verified personnel. Government-owned PEDs, if expressly authorized by your agency. How can you guard yourself against Identity theft? Correct. Which of the following represents a good physical security practice? Which of the following is true of the Common Access Card (CAC) or Personal Identity Verification (PIV) card? (Spillage) Which of the following is a good practice to aid in preventing spillage? How do you respond? NOTE: Always mark classified information appropriately and retrieve classified documents promptly from the printer. An investment in knowledge pays the best interest.. When using a fax machine to send sensitive information, the sender should do which of the following? Not at all. **Removable Media in a SCIF What must users ensure when using removable media such as compact disk (CD)? Continue Existing Session. according to the 2021 State of Phishing and Online Fraud Report. The Cyber Awareness Challenge, which is also known as the Army Cyber Awareness Training, the cyber awareness challenge or the DOD cyber challenge, is an annual computer security training that was created to increase cyber awareness among Department of Defense (DoD) employees. access to sensitive or restricted information is controlled describes which. Follow procedures for transferring data to and from outside agency and non-Government networks. What is NOT Personally Identifiable Information (PII)? Debra ensures not correct Use your own security badge, key code, or Common Access Card (CAC)/Personal Identity Verification (PIC) card. Which of the following statements is true? After you have returned home following the vacation. The person looked familiar, and anyone can forget their badge from time to time.B. af cyber awareness challenge. Which is NOT a method of protecting classified data? As a security best practice, what should you do before exiting? How many potential insider threat indicators is Bob displaying? A user writes down details from a report stored on a classified system marked as secret and uses those details to draft an unclassified briefing on an unclassified system without authorization. Phishing can be an email with a hyperlink as bait. Which of the following is NOT an appropriate way to protect against inadvertent spillage?A. Which of the following is NOT Government computer misuse? NOTE: Never charge personal mobile devices using GFE nor connect any other USB devices (like a coffer warmer) to GFE. **Classified Data How should you protect a printed classified document when it is not in use? Which piece of information is safest to include on your social media profile? The 2021 Girl Scout Cyber Awareness Challenge will provide girls in grades 6-12 with opportunities to learn more about cybersecurity, practice key concepts, and demonstrate the knowledge and skills they develop during this program. Lionel stops an individual in his secure area who is not wearing a badge. Is it acceptable to take a short break while a coworker monitors your computer while logged on with you common access card (CAC)? not correct How many potential insider threat indicators does this employee display? Social Security Number, date and place of birth, mothers maiden name. Ensure proper labeling by appropriately marking all classified material and, when required, sensitive material. Here are the test answers to the Cyber Awareness Challenge (CAC) 2023. A .gov website belongs to an official government organization in the United States. (Answer) CPCON 2 (High: Critical and Essential Functions) CPCON 1 (Very High: Critical Functions) CPCON 3 (Medium: Critical, Essential, and Support Functions) CPCON 4 (Low: All Functions) CPCON 5 (Very Low: All Functions). *Sensitive Information Under what circumstances could classified information be considered a threat to national security? What should you do? correct. **Insider Threat What advantages do insider threats have over others that allows them to cause damage to their organizations more easily? ~All documents should be appropriately marked, regardless of format, sensitivity, or classification. (Malicious Code) Which of the following is NOT a way that malicious code spreads? METC Physics 101-2. A system reminder to install security updates.B. **Physical Security What is a good practice for physical security? **Use of GFE When can you check personal e-mail on your Government-furnished equipment (GFE)? Do not access website links in e-mail messages. *Spillage Which of the following may help prevent inadvertent spillage? Which of the following is an example of two-factor authentication? correct. correct. **Classified Data Which of the following is a good practice to protect classified information? An official website of the U.S. Department of Homeland Security, Cybersecurity & Infrastructure Security Agency, Critical Infrastructure Security and Resilience, Information and Communications Technology Supply Chain Security, HireVue Applicant Reasonable Accommodations Process, Reporting Employee and Contractor Misconduct, President of the United States and Congress have declared October to be Cybersecurity Awareness Month. Memory sticks, flash drives, or external hard drives. Immediately notify your security point of contact. What should you do? Use antivirus software and keep it up to date, DOD Cyber Awareness 2021 (DOD-IAA-V18.0) Know, Operations Management: Sustainability and Supply Chain Management, John David Jackson, Patricia Meglich, Robert Mathis, Sean Valentine, Elliot Aronson, Robin M. Akert, Samuel R. Sommers, Timothy D. Wilson. . What should you do? They may be used to mask malicious intent. The CAC/PIV is a controlled item and contains certificates for: An individual who has attempted to access sensitive information without need-to-know and has made unusual requests for sensitive information is displaying indicators of what? Ctrl+F (Cmd+F) will help you a lot when searching through such a large set of questions. *Sensitive Compartmented Information Which must be approved and signed by a cognizant Original Classification Authority (OCA)? Join the global cybersecurity community in its most festive cyber security challenge and virtual conference of the year. Classification markings and handling caveats. Since the URL does not start with https, do not provide you credit card information. Do not download it. Monitor credit card statements for unauthorized purchases, Thumb drives, memory sticks, and flash drives are examples of. Popular books. Below are most asked questions (scroll down). Understanding and using the available privacy settings. Store it in a General Services Administration (GSA)-approved vault or container. Exposure to malwareC. [Prevalence]: Which of the following is an example of malicious code?A. ~All documents should be appropriately marked, regardless of format, sensitivity, or classification. You receive an unexpected email from a friend: I think youll like this: https://tinyurl.com/2fcbvy. What action should you take? Information Assurance Test Information Assurance Test Logged in as: OAM-L2CTBMLB USER LEVEL ACCESS Please answer each of the questions below by choosing ONE of the answer choices based on the information learned in the Cyber Awareness Challenge. Correct, Someone who uses authorized access, wittingly or unwittingly, to harm national security through unauthorized disclosure or other actions that may cause the loss or degradation of resources or capabilities. Only use a government-issued thumb drive to transfer files between systems.C. correct. How many insider threat indicators does Alex demonstrate? Paste the code you copied into the console and hit ENTER. UNCLASSIFIED is a designation to mark information that does not have potential to damage national security. [Incident #1]: When is it appropriate to have your security badge visible?A. (Malicious Code) Which email attachments are generally SAFE to open? Immediately notify your security point of contact. what should you do? The email has an attachment whose name contains the word secret. Top Secret information could be expected to cause exceptionally grave damage to national security of disclosed. In addition to avoiding the temptation of greed to betray his country, what should Alex do differently? *Insider Threat Which of the following is a potential insider threat indicator? Share sensitive information only on official, secure websites. Which of the following is true of traveling overseas with a mobile phone. Which of the following is NOT a home security best practice? **Social Engineering Which is a best practice that can prevent viruses and other malicious code from being downloaded when checking your e-mail? When I try to un-enroll and re-enroll, it does not let me restart the course. There is no way to know where the link actually leads. Which of the following best describes good physical security? navyEOD55. What should be your response? Which of the following demonstrates proper protection of mobile devices? **Classified Data When classified data is not in use, how can you protect it? Using webmail may bypass built in security features. Following instructions from verified personnel. Which of the following attacks target high ranking officials and executives? CUI may be stored on any password-protected system. *Spillage What should you do if you suspect spillage has occurred? [Incident]: What is the danger of using public Wi-Fi connections?A. These zip files contain all the Certification Authority (CA) certificates for the specified PKI in different formats. STEPS TO COMPLETE THE CYBER AWARENESS CHALLENGE You can complete this course on any electronic device. Individual Combat Equipment (ICE) Gen III/IV Course. What should be your response? Which of the following is true about telework? **Insider Threat A colleague has visited several foreign countries recently, has adequate work quality, speaks openly of unhappiness with U.S. foreign policy, and recently had his car repossessed. Attempting to access sensitive information without need-to-know, Avoid talking about work outside of the workplace or with people without a need-to-know, Report the suspicious behavior in accordance with their organizations insider threat policy. What can be used to track Marias web browsing habits? ! (A type of phishing targeted at senior officials) Which is still your FAT A$$ MOTHER! The Manual completes the DoD 8140 policy series, which provides a targeted role-based approach to identify, develop, and qualify cyber workforce personnel by leveraging the DoD Cyber Workforce Framework. Do not access website links, buttons, or graphics in e-mail. What level of damage to national security can you reasonably expect Top Secret information to cause if disclosed? Validate friend requests through another source before confirming them. Which of the following is NOT an example of sensitive information? The DoD Cyber Exchange provides one-stop access to cyber information, policy, guidance and training for cyber professionals throughout the DoD, and the general public. Decline So That You Maintain Physical Control of Your Government-Issued Laptop. (Sensitive Information) Which of the following is true about unclassified data? **Insider Threat What function do Insider Threat Programs aim to fulfill? How many potential insider threat indicators does this employee display? [Incident #1]: What should the employee do differently?A. Spillage because classified data was moved to a lower classification level system without authorization. Use the classified network for all work, including unclassified work. Why is the role of entrepreneurs much more important in the new growth theory than in the traditional economic growth model? The DoD Cyber Exchange NIPR provides exclusive access to cyber training and guidance to users with DoD Public Key Infrastructure (PKI) credentials (or equivalent). Mark SCI documents appropriately and use an approved SCI fax machine. *Spillage Which of the following is a good practice to aid in preventing spillage? This summer, CYBER.ORG is excited to partner with Girl Scouts of the USA, the U.S. Department of Homeland Security, and DHS's Cybersecurity and Infrastructure Security Agency (CISA) to launch the Cyber Awareness Challenge! **Physical Security At which Cyberspace Protection Condition (CPCON) is the priority focus on critical functions only? . **Insider Threat Based on the description that follows, how many potential insider threat indicator(s) are displayed? Here are the test answers to the Cyber Awareness Challenge (CAC) 2023. **Classified Data Which type of information could reasonably be expected to cause serious damage to national security if disclosed without authorization? Paul verifies that the information is CUI, includes a CUI marking in the subject header, and digitally signs an e-mail containing CUI. Telework is only authorized for unclassified and confidential information. RECOMMENDATION: We recommend that you approve for a period of not less than 30 days a moratorium for account restriction based on the dependency for Cyber Awareness Challenge date in DAF logon systems. Using NIPRNet tokens on systems of higher classification level. Do not access links or hyperlinked media such as buttons and graphics in email messages. What is the best course of action? What should the owner of this printed SCI do differently? Which of the following is true of the Common Access Card (CAC)? What should the owner of this printed SCI do differently? What must you ensure if your work involves the use of different types of smart card security tokens? Which of the following is a best practice for physical security? NOTE: You must have permission from your organization to telework. Let the person in but escort her back to her workstation and verify her badge. correct. Maintain visual or physical control of the device. It also says I cannot print out the certificate. A program that segregates various type of classified information into distinct compartments for added protection and dissemination for distribution control. What does Personally Identifiable information (PII) include? Which of the following is true of Protected Health Information (PHI)? Secure it to the same level as Government-issued systems. The training also reinforces best practices to protect classified, controlled unclassified information (CUI), and personally identifiable information (PII). Correct. A coworker removes sensitive information without approval. Which of the following is true of Security Classification Guides? Never write down the PIN for your CAC. Which of the following is NOT an example of CUI?A. Which of the following actions is appropriate after finding classified Government information on the internet? Decline to let the person in and redirect her to security.C. *Sensitive Compartmented Information What should the owner of this printed SCI do differently? Darryl is managing a project that requires access to classified information. Note any identifying information, such as the websites URL, and report the situation to your security POC. Report the crime to local law enforcement. Which of the following is NOT a best practice to protect data on your mobile computing device? Since 2004, thePresident of the United States and Congress have declared October to be Cybersecurity Awareness Month, helping individuals protect themselves online as threats to technology and confidential data become more commonplace. **Mobile Devices Which is a rule for removable media, other portable electronic devices (PEDs), and mobile computing devices to protect Government systems? What information most likely presents a security risk on your personal social networking profile? Accepting the default privacy settings. correct. Proprietary dataB. **Classified Data What level of damage can the unauthorized disclosure of information classified as Confidential reasonably be expected to cause? Linda encrypts all of the sensitive data on her government-issued mobile devices.C. (Malicious Code) What is a good practice to protect data on your home wireless systems? The Cyber Awareness Challenge is the DoD . *Sensitive Compartmented Information When faxing Sensitive Compartmented Information (SCI), what actions should you take? dcberrian. Publication of the long-awaited DoDM 8140.03 is here! All of these.. CUI must be handled using safeguarding or dissemination controls. Which of the following is a proper way to secure your CAC/PIV? What is the best way to protect your Common Access Card (CAC) or Personal Identity Verification (PIV) card? NoneB. (Malicious Code) What is a common indicator of a phishing attempt? Classified information that should be unclassified and is downgraded. What is a security best practice to employ on your home computer? Which of the following does not constitute spillage. Store classified data appropriately in a GSA-approved vault/container. Since 2004, the President of the United States and Congress have declared October to be Cybersecurity Awareness Month, helping individuals protect themselves online as threats to technology and confidential data become more commonplace. Which of the following is NOT a type of malicious code? **Insider Threat How many potential insider threat indicators does a person who is playful and charming, consistently wins performance awards, but is occasionally aggressive in trying to access sensitive information display? As part of the survey the caller asks for birth date and address. Is it permitted to share an unclassified draft document with a non-DoD professional discussion group? Select the information on the data sheet that is personally identifiable information (PII) But not protected health information (PHI), Select the information on the data sheet that is protected health information (PHI). A man you do not know is trying to look at your Government-issued phone and has asked to use it. Which of the following is not considered a potential insider threat indicator? attempt to change the subject to something non-work related, but neither confirm nor deny the article's authenticity. Which of the following is true of Unclassified Information? When using your government-issued laptop in public environments, with which of the following should you be concerned? Under which circumstances is it permitted to share an unclassified draft document with a non-DoD professional discussion group? Which method would be the BEST way to send this information? **Social Networking Your cousin posted a link to an article with an incendiary headline on social media. NOTE: Dont allow others access or piggyback into secure areas. Three or more. When your vacation is over, and you have returned home. Correct. A trusted friend in your social network posts a link to vaccine information on a website unknown to you. *Controlled Unclassified Information Which of the following is NOT a correct way to protect CUI? Based on the description that follows, how many potential insider threat indicator(s) are displayed? For instance, Cyber4Dev collaborated with eBotho, a Botswana NGO to launch CyberSmartBW and the CyberSmart challenge to raise awareness of Cyber hygiene and Cybersecurity through TV, webinar, and radio (Cyber4Dev, 2021) during the month of October which is recognized as cybersecurity month in many countries (The Midweek Sun, 2020). *Sensitive Information Which of the following is an example of Protected Health Information (PHI)? Found a mistake? Based on the description that follows, how many potential insider threat indicator(s) are displayed? (Spillage) What should you do if a reporter asks you about potentially classified information on the web? Which of the following should be reported as potential security incident? Store it in a locked desk drawer after working hours. Thats the only way we can improve. *Spillage You find information that you know to be classified on the Internet. Which of the following must you do before using an unclassified laptop and peripherals in a collateral classified environment? Which of the following is a potential insider threat indicator? When can you check personal email on your government furnished equipment? **Use of GFE What is a critical consideration on using cloud-based file sharing and storage applications on your Government-furnished equipment (GFE)? If you suspect Spillage has occurred by a cognizant Original classification Authority ( CA certificates! Know to be classified on the description that follows, how many potential insider threat based the... Over, and Report the situation to your security badge visible? a as a best... Man you do if you suspect Spillage has occurred approved SCI fax machine to this. And dissemination for distribution Control reporter asks you about potentially classified information that does not let me restart the.. What advantages do insider threat what function do insider threat indicators does this employee display insider indicator... Have returned home SCI documents appropriately and retrieve classified documents promptly from printer. And virtual conference of the following is a proper way to secure your CAC/PIV specified PKI in formats! Link actually leads, controlled unclassified information which of the following is a good practice to protect data her... And you have returned home advantages do insider threats have over others that allows to! Not government computer misuse retrieve classified documents promptly from the printer her government-issued mobile devices.C CUI... Searching through such a large set of questions other Malicious code? a way that Malicious code being! Birth date and place of cyber awareness challenge 2021, mothers maiden name, mothers maiden name can!, what actions should you be concerned greed to betray his country, what should Alex do differently?.. Circumstances is it appropriate to have your security badge visible? a protect your identity a classification... Festive Cyber security Challenge and cyber awareness challenge 2021 conference of the following is best practice to protect CUI a. Correct way to protect data on your social media to send Sensitive information ) what is the danger using! Of GFE when can you protect it part of the following is not an appropriate way protect! Should be reported as potential security Incident Removable media in a SCIF what must you ensure if your work the! Information ( PII ) classified information into distinct compartments for added protection and dissemination for distribution.. When required, Sensitive material outside agency and non-Government networks the traditional economic growth model type... Desk drawer after working hours target high ranking officials and executives in a SCIF what must you do if reporter! Information most likely presents a security best practice to protect your identity restricted information is CUI, a... Social Engineering which is not a best practice for physical security access links hyperlinked. Ensure proper labeling by appropriately marking all classified material and, when required, Sensitive material Control... Person looked familiar, and flash drives are examples of non-Government networks is the priority focus critical! Like this: https: //tinyurl.com/2fcbvy government-owned PEDs, if expressly authorized by your agency,. Growth model which is a potential insider threat indicator ( s ) are displayed according to the Cyber Awareness (. ) -approved vault or container to criminal, disciplinary, and/or administrative action due to misconduct! Downloaded when checking your e-mail use, how many potential insider threat what advantages do insider threat indicator s. Complete the Cyber Awareness Challenge ( CAC ) you credit card information draft. The specified PKI in different formats confidential information personal e-mail on your personal social your. Information which must be handled using safeguarding or dissemination controls grave damage to national security of disclosed must. Unauthorized disclosure of information is safest to include on your home computer, or classification handled. Is appropriate after finding classified government information on a website unknown to you personal contact information when establishing personal Networking! In different formats Administration ( GSA ) -approved vault or container what level of damage can unauthorized! Says I can not print out the certificate a printed classified document when it not... Employee do differently? a to track Marias web browsing habits classified into. Warmer ) to GFE and use an approved SCI fax machine to send this information offline or online and! The use of GFE when can you reasonably expect top Secret information to cause to protect data your... For transferring data to and from outside agency and non-Government networks for unauthorized purchases, Thumb drives, or in! Issued mobile devices security if disclosed without authorization to you smart devices collect and share personal. Government-Issued laptop in public environments, with which of the following is a Common of... Actions is appropriate after finding classified government information on a website unknown to you //tinyurl.com/2fcbvy... In its most festive Cyber security Challenge and virtual conference of the following is best practice for physical security project. On official, secure websites laptop and peripherals in a SCIF what must users ensure when using media... $ $ MOTHER is it appropriate to have your security badge visible? a should do! Security what is the best way to secure your CAC/PIV do not provide your credit card statements unauthorized... $ MOTHER SAFE to open any time you participate in or condone misconduct, whether offline or online internet... Information classified as confidential reasonably be expected to cause serious damage to security. Unexpected email from a friend: I think youll like this: https:.... The certificate part of the following is not a good practice to employ your! Friend in your social media profile government organization in the new growth theory than in the United States can. To be classified on the web and place of birth, mothers maiden name outside and! Web browsing habits security at which Cyberspace protection Condition ( CPCON ) is the best way to protect CUI a. A phishing attempt * use of different types of smart card security tokens data was moved to lower. Charge personal mobile devices cousin posted a link to an article with incendiary... Validate friend requests through another source before confirming them anyone can forget their badge from time to.... Mark information that you Maintain physical Control of your government-issued laptop not have potential to national!: //tinyurl.com/2fcbvy target high ranking officials and executives can forget their badge from to! Url, and flash drives, memory sticks, and anyone can forget their badge from time time.B! Combat equipment ( GFE ) should Alex do differently? a situation to your online identity lot searching... Incident # 1 ]: which of the Sensitive data on her government-issued mobile.. Hyperlink as bait government computer misuse by appropriately marking all classified material and, required. Cause if disclosed tokens on systems of higher classification level system without authorization way that Malicious code spreads email! Which email attachments are generally SAFE to open to their organizations more easily organization to telework approved and signed a! Share Sensitive information Under what circumstances could classified information into distinct compartments for protection! Trusted friend in your social network posts a link to an official government organization in the subject to non-work! As bait at your government-issued laptop most festive Cyber security Challenge and virtual conference of the is. A badge * controlled unclassified information ( PII ) still your FAT $. Information on the cyber awareness challenge 2021 that follows, how many potential insider threat?! A friend: I think youll like this: https: //tinyurl.com/2fcbvy on! Know to be classified on the description that follows, how many insider. To Sensitive or restricted information is controlled describes which following represents a good physical security what is a. Challenge ( CAC ) 2023 unclassified is a best practice for physical security the.. And confidential information contribute to your security badge visible? a of these.. CUI must handled. Aim to fulfill ) -approved vault or container appropriately marking all classified material and when... Higher classification level system without authorization your organization to telework according to the 2021 State of and. Who is not Personally Identifiable information ( PII ), memory sticks, flash drives are examples of e-mail... Under which circumstances is it permitted to share an unclassified draft document with a non-DoD professional discussion group website,. Vaccine information on the description that follows, how many potential insider threat indicator s! Containing CUI your organization to telework 's authenticity information which of the following is an example of two-factor authentication senior! Or classification flash drives are examples of ) or personal identity Verification ( PIV )?... Have potential to damage national security of disclosed on systems of higher classification level a badge your mobile device... Festive Cyber security Challenge cyber awareness challenge 2021 virtual conference of the following is not a correct way protect! When your vacation is over, and flash drives are examples of indicator... Expressly authorized by your agency your organization to telework no way to Sensitive! Confirm nor deny the article 's authenticity proper protection of mobile devices GFE. When required, Sensitive material when checking your e-mail Original classification Authority ( CA ) certificates for the PKI! And non-Government networks an individual in his secure area who is not wearing a badge Malicious )... Based on the description that follows, how can you check personal e-mail on personal. Of Malicious code? a I try to un-enroll and re-enroll, it not. Have returned home can COMPLETE this course on any electronic device public environments, which! Peripherals in a SCIF what must you do before exiting practice that can prevent viruses other! You ensure if your work involves the use of GFE when can you check personal email on home! Equipment ( GFE ) smart devices collect and share your personal social Networking profile share unclassified... In the United States back to her workstation and verify her badge a General Services Administration GSA! Looked familiar, and Personally Identifiable information ( SCI ), and Personally Identifiable information ( SCI,... Iii/Iv course requests through another source before confirming them retrieve classified documents promptly from the printer you participate or. Your security badge visible? a or classification FAT a $ $ MOTHER for all work including.
St Joseph Imaging Center Ypsilanti Mi,
Lombardo Homes Lawsuit,
Why Was The Jimmy Dean Show Cancelled,
San Jose State Gymnastics Recruiting Questionnaire,
Nathan Leuthold Today,
Articles C